Bug 1418579 - Use selinux when building ovirt-appliance
Summary: Use selinux when building ovirt-appliance
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-appliance
Classification: oVirt
Component: Build
Version: 4.1
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ovirt-4.2.2
Assignee: Yuval Turgeman
QA Contact: Gonza
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2017-02-02 08:50 UTC by Yuval Turgeman
Modified: 2018-04-30 11:01 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
SELinux is now set to Enforcing by default in the ovirt-appliance.
Clone Of:
Environment:
Last Closed: 2018-03-29 11:03:55 UTC
oVirt Team: Node
rule-engine: ovirt-4.2+
grafuls: testing_plan_complete-
sbonazzo: devel_ack+
lsvaty: testing_ack+


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 80451 0 master MERGED cloud-init: add cloud_init_t to permissive list 2017-10-16 15:58:09 UTC

Description Yuval Turgeman 2017-02-02 08:50:33 UTC
Today the kickstart for building ovirt-appliance sets selinux --permissive; we need to check if it can be changed to enforcing.

Comment 1 Yuval Turgeman 2017-06-05 10:33:09 UTC
This was reverted since engine-setup (firewall-cmd) hangs in selinux when run from cloud-init (missing transition from cloud_init_t to firewalld_t).

Comment 2 Red Hat Bugzilla Rules Engine 2017-06-05 10:33:14 UTC
Target release should be placed once a package build is known to fix an issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for an oVirt release.

Comment 3 Sandro Bonazzola 2017-06-09 09:59:44 UTC
Dropping code change, since this requires a full functional test once done.

Comment 4 Ryan Barry 2017-06-27 09:54:38 UTC
Yuval - has a bug been filed against cloud-init for this?

Comment 5 Yuval Turgeman 2017-06-27 13:02:20 UTC
Yes, not by us, though, but it's the same behavior; see bug 1126096.

Comment 6 Yuval Turgeman 2017-06-29 13:21:45 UTC
I just noticed that bug 1126096 was reported in 2014; could we setenforce 0 or add cloud_init_t to permissive in our cloud-init script?
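
The options weighed in this thread (a global `selinux --permissive` or `setenforce 0` versus making only cloud_init_t permissive) can be told apart with a build-time check. The script below is an added example, not part of the bug report or the ovirt-appliance code: the function names, sample kickstarts and allow-list are hypothetical, and it assumes the installer defaults to enforcing when no `selinux` command is present.

```shell
# Added example: audit kickstart text (read on stdin) for weakened SELinux.
# Mode set by the last `selinux` command outside any %section.
# Assumption: with no such command the installer defaults to enforcing.
ks_selinux_mode() {
  awk '
    /^%(include|ksappend)/ { next }
    /^%end/                { insec = 0; next }
    /^%/                   { insec = 1; next }
    !insec && $1 == "selinux" && match($0, /--(enforcing|permissive|disabled)/) {
      mode = substr($0, RSTART + 2, RLENGTH - 2) }
    END { print (mode == "" ? "enforcing" : mode) }'
}

# One finding per line: "global:setenforce" or "domain:<type>".
ks_selinux_relaxations() {
  awk '
    /^[ \t]*#/ { next }
    { for (i = 1; i < NF; i++) {
        if ($i == "setenforce" && tolower($(i+1)) ~ /^(0|permissive)$/)
          print "global:setenforce"
        if ($i == "semanage" && $(i+1) == "permissive")
          for (j = i + 2; j < NF; j++)
            if ($j == "-a" || $j == "--add") print "domain:" $(j+1)
    } }'
}

# Gate: status 0 only if the mode is enforcing and every relaxation is a
# per-domain exception named in the arguments (the allow-list).
ks_selinux_gate() (
  ks=$(cat); rc=0
  mode=$(printf '%s\n' "$ks" | ks_selinux_mode)
  [ "$mode" = enforcing ] || { echo "FAIL mode=$mode"; rc=1; }
  while IFS= read -r finding; do
    [ -n "$finding" ] || continue
    case "$finding" in
      domain:*) case " $* " in *" ${finding#domain:} "*) continue ;; esac ;;
    esac
    echo "FAIL $finding"; rc=1
  done <<EOF
$(printf '%s\n' "$ks" | ks_selinux_relaxations)
EOF
  exit "$rc"
)

# Constructed samples, not the project's real kickstart.
KS_GLOBAL=$(printf '%s\n' 'selinux --permissive' '%post' 'echo ok' '%end')
KS_SCOPED=$(printf '%s\n' 'selinux --enforcing' '%post' 'semanage permissive -a cloud_init_t' '%end')
printf '%s\n' "$KS_GLOBAL" | ks_selinux_gate cloud_init_t || echo "global: rejected"
printf '%s\n' "$KS_SCOPED" | ks_selinux_gate cloud_init_t && echo "scoped: accepted"
```

On a running image, `getenforce` reports only the global mode, so a permissive domain does not show up there; `semanage permissive -l` lists such domains.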

Comment 8 Yaniv Kaul 2017-10-26 11:37:04 UTC
Can this move to MODIFIED?

Comment 9 Sandro Bonazzola 2017-11-14 09:15:59 UTC
We need a patch in appliance code.

Comment 10 Gonza 2018-01-11 15:19:10 UTC
Checked on:
rhvm-appliance-20180103.0-1.x86_64.rhevm.ova

$ getenforce
Permissive

Comment 11 Red Hat Bugzilla Rules Engine 2018-01-11 15:19:16 UTC
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.

Comment 13 Gonza 2018-02-21 09:19:33 UTC
Verified with:
rhvm-appliance-4.2-20180202.0.x86_64.rhevm.ova

# getenforce
Enforcing

Comment 14 Sandro Bonazzola 2018-03-29 11:03:55 UTC
This bugzilla is included in oVirt 4.2.2 release, published on March 28th 2018.

Since the problem described in this bug report should be resolved in oVirt 4.2.2 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

